Hello ketanco,
—
TL;DR: See this link on how to protect your WordPress site: https://codex.wordpress.org/Hardening_WordPress
—
I’m sorry but I’m going to be frank with you here: if you’re tired of keeping backups and maintaining your site, then…
- You should pay someone to manage your site for you so you never have to deal with it… OR
- You should embrace the fact that your site will sooner or later be hacked and you’ll lose everything… OR
- You should not even run a website, to begin with
Alternatively, if you don’t need all the power of a DIY CMS like WordPress, you should switch to WordPress.com or to a hosted static site builder like Squarespace or Solo Build It or even Wix (cough!)
Question 1) Now if I do that, all I need to do is install a theme like I mentioned above, and in case anything happens, I just delete all files and upload the same theme back from here. All I must keep is my picture files, under the uploads folder, so that is the only folder I pay attention to and the only folder that I must save, correct? Am I missing anything?
No.
Malware can be injected into your site’s database… and this will continue to work even if you delete the entire WordPress installation folder and reinstall everything from scratch (while using the compromised database).
That’s why I find it very troubling when you say you’re tired of maintaining backups… something you can do 100% automatically and 100% free.
Question 2) And as far as plugins, I will be as simple as possible again, such as only Akismet and Wordfence. Can you think of anything else very essential like this?
Well, that depends entirely on your use case.
For me, the automated nightly backup is essential… so that should my site ever get hacked, I can easily restore a pristine version of the site with a few clicks.
But it appears you don’t even want to do backups anymore 🙂
On several sites I run myself or manage for clients, I have over 20 plugins running.
And I’ve used WordPress longer than WordPress even existed (started with b2/cafelog which became WordPress).
But I’ve not had a single site compromised before.
Question 3) My database has a very strong password, so unless they can break it they have no way of hacking the database, and so when hacking occurs it should be the files and folders but not the database, correct?
Breaking the password is just one of several ways… and not even a common way… of compromising a site’s database.
The most common way is an SQL injection attack, wherein an attacker takes advantage of some other vulnerability to send malicious commands to your database server (oversimplification!).
Also, a vulnerability in any file in your WordPress site — whether it’s a theme file, plugin file, WordPress itself… or even a vulnerability in the underlying server that the site sits on… can be leveraged to launch a successful attack.
And when you have crossed all your I’s and dotted all your T’s, a third-party service… your email, social media, or even ads appearing on your site… can be hacked and used as an entry point into your website.
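
The reply's point that injected content lives in the database and survives a reinstall of the files can be checked on a database dump before it is restored. The following is an added example, not part of the original post: the indicator patterns are assumed heuristics (not an official or complete list) and the sample dump is constructed.

```python
import re

# Heuristic indicators, assumed for illustration; real injections vary widely.
INDICATORS = {
    "external_script": re.compile(r"<script[^>]+src=\\?['\"]?(?:https?:)?//", re.I),
    "php_eval_decode": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden_iframe": re.compile(
        r"<iframe[^>]+(?:display:\s*none|width=\\?['\"]?0)", re.I),
}
# mysqldump writes rows as: INSERT INTO `table` VALUES (...);
INSERT_RE = re.compile(r"^INSERT INTO `(\w+)`", re.I)


def scan_dump(sql_text):
    """Return sorted (line_no, table, indicator) findings for a mysqldump-style text."""
    findings = []
    for line_no, line in enumerate(sql_text.splitlines(), start=1):
        match = INSERT_RE.match(line)
        if not match:
            continue  # skip DDL, comments and blank lines
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append((line_no, match.group(1), name))
    return sorted(findings)


# Constructed sample dump: two clean rows, two rows with injected content.
SAMPLE_DUMP = r"""
INSERT INTO `wp_posts` VALUES (1,'Hello world','<p>Welcome to my site.</p>');
INSERT INTO `wp_posts` VALUES (2,'Gallery','<p>Photos</p><script src=\"https://cdn.example.invalid/x.js\"></script>');
INSERT INTO `wp_options` VALUES (7,'widget_text','<?php eval(base64_decode(\'PLACEHOLDER\')); ?>');
INSERT INTO `wp_options` VALUES (8,'blogname','My Photo Blog');
"""

if __name__ == "__main__":
    for line_no, table, indicator in scan_dump(SAMPLE_DUMP):
        print(f"line {line_no}: table {table}: {indicator}")
```

A hit means the flagged rows need manual review before the dump is trusted; no hits does not prove the database is clean.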